US7215667B1 - System and method for communicating IPSec tunnel packets with compressed inner headers - Google Patents
- Publication number
- US7215667B1, US09/998,715
- Authority
- US
- United States
- Prior art keywords
- header
- ipsec tunnel
- ipsec
- headers
- compressed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime, expires
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/164—Implementing security features at a particular protocol layer at the network layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2212/00—Encapsulation of packets
Definitions
- the present invention pertains to network communications and in particular, to security for network communications, and more particularly to the IPSec protocol and inner header compression of IPSec tunnel packets.
- IPSec is a protocol that can provide security services at the IP layer by enabling a system to select security protocols, determine algorithms for the security services and put in place any cryptographic keys required to provide the security services. IPSec can also be used to protect one or more paths between a pair of hosts, between a pair of secure gateways, or between a security gateway and a host.
- IPSec internet protocol is specified by the Network Working Group in “Request for Comment” (RFC) 2401, 2402 and 2406.
- the IPSec protocol may be implemented in either a tunneling mode or a transport mode.
- unicast addresses are used to set up a “tunnel” between two nodes across a network. Tunneling enables one network to send data via another network's connections by encapsulating one protocol within packets carried by the other network. For example, links between intermediate stations on the internet are managed independently and are often transparent to the end stations.
- IPSec security protocol communication may be established for example, between separate locations of an organization to help protect data communications between the locations. The use of IPSec may enable parties to establish a secure virtual private network (VPN).
- IP packets are encapsulated and outer headers are added.
- the encapsulated portion which includes inner headers, may, for example, be hidden by encryption and/or authentication.
- the addition of the outer headers results in larger packets that require additional communication bandwidth for the communication of these IPSec tunnel packets.
- IPSec tunnel packets are unable to implement typical IP header compression schemes for the inner headers used to reduce packet size because, among other things, the inner headers may be encapsulated along with a payload with encryption and/or authentication.
- FIG. 1 is a block diagram of a system suitable for communication of IPSec tunnel packets with compressed inner headers in accordance with an embodiment of the present invention.
- FIG. 2 illustrates a conventional IPSec tunnel packet and an IPSec tunnel packet with compressed inner headers in accordance with an embodiment of the present invention.
- FIG. 3 illustrates a tunnel device in accordance with an embodiment of the present invention.
- FIG. 4 illustrates the inner header fields of a conventional IPSec tunnel packet.
- FIG. 5 illustrates a security association database entry in accordance with an embodiment of the present invention.
- FIG. 6 illustrates a context sub-table in accordance with an embodiment of the present invention.
- FIG. 7 is a flow chart of an IPSec tunnel packet transmission procedure in accordance with an embodiment of the present invention.
- FIG. 8 is a flow chart of a tunnel parameter establishment procedure in accordance with an embodiment of the present invention.
- FIG. 9 is a flow chart of an IPSec tunnel packet reception procedure in accordance with an embodiment of the present invention.
- the present invention generally relates to compression of inner headers for IPSec tunnel packets.
- compression of inner headers of IPSec tunnel packets may be achieved by storing an inner IP header and an inner protocol header in a context sub-table associated with the security association database entry at a destination tunnel device.
- IPSec tunnel packets having compressed inner headers may be identified by a portion of the bits of the security policy index (SPI) number in the IPSec header.
- SPI number may also identify whether the IPSec tunnel packet is a transmission control protocol (TCP) packet.
- a portion of padding in the encapsulated portion may identify a particular context sub-table used for decompressing the inner headers.
- a method for communicating IPSec tunnel packets with compressed inner headers is provided.
- An initial IPSec tunnel packet is sent from a source tunnel device to a destination tunnel device.
- An inner IP header and an inner protocol header from the initial IPSec tunnel packet are stored in a context sub-table at the destination tunnel device.
- a compressed inner header is generated at the source tunnel device from the inner protocol header of the subsequent IPSec tunnel packet.
- the compressed inner header may contain TCP random information.
- a security operation is performed on the compressed inner header, a payload field and a padding field to generate an encapsulated portion.
- the outer headers are added to the encapsulated portion to generate an IPSec tunnel packet with compressed inner headers.
- the IPSec tunnel packet with compressed inner headers may be sent from the source tunnel device to the destination tunnel device.
- the IPSec tunnel packet with compressed inner headers includes a tunnel header, an IPSec header, the encapsulated portion, and an authentication code.
- a security association database entry is identified for the tunnel using a security policy index number in the IPSec header.
- the encapsulated portion may be decrypted to determine the compressed inner headers and the padding field.
- the padding field includes a context sub-table identifier to identify a context sub-table associated with the security association database entry.
- the inner IP header and the inner protocol header for the IPSec tunnel packet are retrieved from the context sub-table.
- the IPSec tunnel packet with full inner headers is recreated using the inner IP header and inner protocol header retrieved from the context sub-table.
- the present invention provides a tunnel device for communicating IPSec tunnel packets with compressed inner headers.
- the tunnel device may include an inner header compressor to generate a compressed inner header from inner headers of an IPSec tunnel packet with full inner headers.
- the tunnel device also may include a security processor to perform a security operation on the compressed inner header, a payload field and a padding field of the IPSec tunnel packet to generate an encapsulated portion.
- the tunnel device also may include an IP packet processor to add outer headers to the encapsulated portion to generate an IPSec tunnel packet with compressed inner headers.
- the present invention provides a computer readable medium having program instructions stored thereon for performing a method of communicating IPSec tunnel packets with compressed headers when executed within a digital processing device.
- the method includes generating a compressed inner header from an inner protocol header of an IPSec tunnel packet with full inner headers, performing a security operation on the compressed inner header, a payload field and a padding field of the IPSec tunnel packet to generate an encapsulated portion.
- FIG. 1 illustrates a block diagram of a system suitable for communication of IPSec tunnel data packets in accordance with an embodiment of the present invention.
- System 100 is a communication system that includes, among other things, network 110 , tunnel device 112 , tunnel device 114 , subnet 116 and subnet 118 .
- Network 110 supports the communication of packetized data.
- Tunnel devices 112 and 114 may communicate packetized data with each other through network 110 over communication links 120 .
- tunnel devices 112 , 114 may implement an IPSec tunnel protocol for communication of IPSec tunnel packets.
- packets between source and destination communication devices in subnets 116 and 118 may be communicated through network 110 using an IPSec tunnel established between tunnel device 114 and tunnel device 116 .
- Tunnel devices 114 and 116 may implement an IPSec tunnel protocol which encapsulates the packets communicated therebetween providing, for example, security for the communications.
- a security association is established between the tunnel devices which defines the parameters of the IPSec tunnel between the tunnel devices.
- the IPSec tunnel packets may have ultimate sources and destinations within either subnet 116 , 118 .
- Tunnel devices 112 , 114 may function as host or a security gateway. Additional details on IPSec can be found in the Network Working Group “Request for Comment” (RFC) 2401, 2402 and 2406.
- FIG. 2 illustrates a conventional IPSec tunnel data packet and an IPSec tunnel data packet with compressed inner headers in accordance with an embodiment of the present invention.
- Conventional IPSec tunnel packet 220 may include outer IP header 222 , IPSec header 224 , inner IP header 226 , inner protocol header 228 , payload 223 , padding 225 and message authentication code (MAC) 227 .
- the outer header portion of IPSec tunnel packet 220 includes outer IP header 222 and IPSec header 224 .
- the inner header portion of IPSec tunnel packet 220 includes inner IP header 226 and inner protocol header 228 .
- Outer IP header 222 is sometimes referred to as a tunnel header, and may include bits that indicate an IP version number, a source and destination address of the tunnel devices, an IPSec protocol type, header length, and payload length.
- IPSec header 224 may include security policy index (SPI) number field 221 and sequence number (SN) field 229 .
- SPI number may be used to look up the Security Association Database (SAD) entry.
- SAD defines the security association between two tunnel devices that implement IPSec communications using an IPSec tunnel.
- the IPSec protocol type may implement an encapsulating security protocol (ESP) with or without encryption, or may implement an authentication header (AH) protocol.
- Inner protocol header 228 may be either a user datagram protocol (UDP) header or a transmission control protocol (TCP) header depending on the type of protocol the IP packet implements.
- inner header fields 226 , 228 , payload 223 and padding 225 are encapsulated as part of conventional IPSec processing before packet 220 is sent from a transmitting tunnel device to a receiving tunnel device.
- the encapsulated portion of conventional IPSec tunnel packet 220 may include inner IP header 226 , inner protocol header 228 , payload 223 and padding 225 .
- Payload 223 is an optional field and is not required; however, payload 223 generally carries data, which may be a primary reason for communicating.
- inner IP header 226 may be the same for all packets and inner protocol header 228 may change very little or may change in a predictable way between packets. Sending the same or similar information in each packet consumes unnecessary network resources.
- inner headers of an IPSec tunnel packet, such as IPSec tunnel packet 220 , are compressed prior to encapsulation, which reduces packet size and reduces the network resources required to transfer the packet.
- inner headers 226 , 228 of IPSec tunnel packet 220 are compressed by a sending tunnel device before transmission to a receiving tunnel device.
- IPSec tunnel packet 230 illustrates an IPSec tunnel packet with compressed inner headers.
- IPSec tunnel packet 230 may include outer IP header 232 , IPSec header 234 , compressed inner headers 236 , payload 233 , padding 235 and message authentication code (MAC) 237 .
- IPSec header 234 may include security policy index (SPI) number field 231 and sequence number (SN) field 239 .
- Certain predetermined bits of the SPI number may be used to represent a security association database entry address pointer for the inbound IPSec tunnel packets.
- a receiving tunnel device uses the security association database address pointer to locate the security association database entry defining the security association for the tunnel.
- certain predetermined bits of the IPSec header e.g., the last two bits of the SPI number
- the certain predetermined bits may also indicate whether the packet is a TCP packet.
- the certain predetermined bits may indicate whether a security operation such as an encryption or an authentication has been performed on the encapsulated portion.
- the certain predetermined bits of the IPSec header may also indicate which security operation is performed on the encapsulated portion.
- the encapsulated portion of IPSec tunnel packet 230 may include compressed inner headers 236 , payload and padding 235 .
- Payload 233 is an optional field.
- the certain predetermined bits of the IPSec header are set to indicate whether or not the inner headers are compressed.
- information used to reconstruct the inner headers is stored in a context sub-table accessible to the receiving tunnel device.
- a portion of the bits of padding 235 may be used to identify a particular context sub-table.
- a portion of the bits of the sequence number field of IPSec header field 234 may be used to identify a particular context sub-table.
- the receiving tunnel device refers to the appropriate context sub-table to decompress inner IP headers 236 of packet 230 .
- a context sub-table may be created for communications to any particular packet destination utilizing an established IPSec tunnel having a security association database entry.
- the destination tunnel device may be a security gateway or a host.
- the packet destination may reside in a subnet.
- several thousand or more destinations may utilize an established IPSec tunnel and accordingly, several thousand or more context sub-tables may be associated with a security association database entry.
- the portion of bits of padding 235 are set to indicate a particular context sub-table prior to encapsulation.
- compressed inner headers 236 of packet 230 include status bits for each of the random fields that are changed from the previous packet.
- the status bits and random fields may, for example, comprise one or more bytes and may be encoded in accordance with RFC 1144, RFC 2507 and/or RFC 2508.
- compressed inner headers 236 may also include a checksum which may be two bytes. Error handling for packets may invoke the context/state control packet mechanisms described in RFC 2507 and/or RFC 2508.
- FIG. 3 illustrates a tunnel device in accordance with an embodiment of the present invention.
- Tunnel device 300 may be any communication device suitable to implement network IP communications and configured to communicate IPSec tunnel packets with compressed inner headers in accordance with an embodiment of the present invention.
- Tunnel device 300 may be a personal computer or a server which may be serving as a gateway or security server and which may correspond with tunnel devices 114 , 116 ( FIG. 1 ).
- Tunnel device 300 includes controller 302 configured to communicate IP packetized data with a network over communication link 120 .
- Controller 302 may be configured with software programs 304 and may implement the IPSec protocol or portions thereof.
- hardware accelerators 306 may be used to implement certain security operations of IPSec processing such as the cryptographic operations.
- Inner header compressor 308 may generate a compressed inner header from inner headers of an IPSec tunnel packet with full inner headers.
- Security processor 310 may perform a security operation on the compressed inner header, a payload field and a padding field of the IPSec tunnel packet to generate an encapsulated portion.
- IP packet processor 312 may replace an inner IP header, the inner protocol header, the payload field and the padding field of the IPSec tunnel packet with the encapsulated portion to generate an IPSec tunnel packet with compressed inner headers.
- Inner header decompressor 314 may decompress the inner headers of IPSec tunnel packets received with compressed inner headers.
- Memory 316 may store security associations for the IPSec tunnels, and may store a security association database entry for each tunnel. In accordance with the preferred embodiment, memory 316 may also store context sub-tables for communication devices that communicate using a particular IPSec tunnel.
- controller 302 may be comprised of processors configured with software programs 304 to implement inner header compression and inner header decompression.
- inner header compressor 308 , inner header decompressor 314 , IP packet processor 312 , and security processor 310 may be implemented as one or more processors that are part of controller 302 .
- FIG. 4 illustrates the inner header fields of a conventional IPSec tunnel packet.
- Inner header fields 400 represent the fields of inner headers of an IPSec tunnel packet prior to compression or subsequent to decompression in accordance with the embodiments of the present invention.
- Inner header fields 400 are comprised of inner IP header fields 402 and inner protocol header fields 404 .
- although inner protocol header fields 404 are illustrated as a conventional transmission control protocol (TCP) header, other inner protocol headers, such as UDP headers, are equally suitable for use with the present invention.
- Inner IP header fields 402 may comprise the fields of inner IP header 226 ( FIG. 2 ) and inner protocol header fields 404 may comprise the fields of inner protocol header 228 ( FIG. 2 ).
- FIG. 5 illustrates a security association database entry in accordance with an embodiment of the present invention.
- Security association database (SAD) entry 500 defines the security association for a particular tunnel for communication of IPSec tunnel packets between two tunnel devices.
- Security association database entry 500 may have a plurality of context sub-tables 600 associated therewith. Each context sub-table may be used for communication of IPSec tunnel packets with compressed inner headers in accordance with the embodiments of the present invention.
- FIG. 6 illustrates a context sub-table in accordance with an embodiment of the present invention.
- Context sub-table 600 may be stored at source and destination tunnel devices and may include context identifier (CID) number field 602 , inner IP header field 604 , inner protocol header field 606 , generation number field 608 , last sequence number field 610 and ACK Number 612 .
- CID number field 602 distinguishes particular context sub-tables from other context sub-tables.
- the encapsulated portion of an IPSec tunnel packet with compressed inner headers includes a CID number which identifies a particular context sub-table for use in decompressing the inner headers of IPSec tunnel packet.
- the CID number in field 602 may correspond with the CID number that is included as part of padding 235 of IPSec tunnel packet 230 ( FIG. 2 ).
- the CID number is added to the padding prior to encapsulation where a security operation may be performed.
- Inner IP header field 604 may store the inner IP header of IPSec tunnel packets that have compressed inner headers.
- Inner protocol header field 606 may store the inner protocol header of IPSec tunnel packets that have compressed inner headers.
- the inner protocol header may be a protocol header such as a TCP or UDP header, and field 606 may include the most recent protocol header in the packet stream.
- Generation number field 608 may indicate the latest generation of the inner protocol header.
- Last sequence number field 610 may be used to indicate the most recent sequence number of the IPSec tunnel packet.
- FIG. 7 is a flow chart of an IPSec tunnel packet transmission procedure in accordance with an embodiment of the present invention.
- procedure 700 is performed by a transmitting tunnel device for the communication of IPSec tunnel packets with compressed inner headers.
- the transmitting tunnel device performs procedure 700 to generate IPSec tunnel packets with compressed inner headers and communicates the packets through a network utilizing an established IPSec tunnel to a reception tunnel device.
- Tunnel device 300 ( FIG. 3 ) may be suitable for performing procedure 700 .
- tunnel parameters are established for the communication of IPSec tunnel packets.
- Operation 702 includes establishing a security association between two tunnel devices and may involve creating a security association data entry for the IPSec tunnel.
- Operation 702 may also include creating a context sub-table for the communication of IPSec tunnel packets with compressed inner headers through the IPSec tunnel.
- a compressed inner header is generated.
- an inner protocol header of a prior packet is compared with an inner header of a current packet to determine fields of the inner protocol header that have changed.
- the compressed inner header is comprised of status bits which correspond to fields that have changed or information indicating how particular fields have changed.
- the information contained in inner headers 402 , 404 ( FIG. 4 ) may be stored in the context sub-table for the sending device and may be used to provide a comparison in formulating the change information included in the compressed header fields.
- the status bits may be followed by the field or fields that have changed.
- the compressed inner header is comprised of generation data indicating changed fields of the inner protocol header.
- IP header compression techniques that may be suitable for use with the present invention may be found, for example, in the Network Working Group's RFC 2507.
- a security operation is performed.
- a security operation is performed on the compressed inner header along with a payload field and a padding field of the IPSec tunnel packet to generate an encapsulated portion of the IPSec tunnel packet.
- a context sub-table identifier is included in the padding field prior to performing operation 706 to identify the particular context sub-table associated with the security association database entry which stores information used in decompressing the compressed inner headers.
- the padding field may also be adjusted so that the security operation has a proper number of bits to operate.
- the security operation may be an authentication operation.
- the IPSec tunnel may implement an encapsulating security protocol (ESP) without encryption or an authentication header (AH) protocol.
- the security operation may be an encryption operation.
- the IPSec tunnel may implement the ESP with encryption.
- the compressed inner header, the payload and the padding are replaced with either encrypted or authenticated data bits to form the encapsulated portion of an IPSec tunnel packet.
- outer headers are added at the beginning of the encapsulated portion and a message authentication code (MAC) is added after the encapsulated portion to form the entire IPSec tunnel packet with compressed inner headers.
- Outer headers may comprise, for example, outer IP header 232 and IPSec header 234 of packet 230 ( FIG. 2 ).
- the transmitting tunnel device sends the IPSec tunnel packet with compressed inner headers to a receiving tunnel device.
- operations 704 through 710 are repeated for other tunnel packets that are transmitted with compressed inner headers.
- an IPSec tunnel packet with full inner headers may be sent to the receiving tunnel device when, for example, the inner IP header changes, or if there are significant changes to the inner protocol header.
- certain predetermined bits of the IPSec header indicate that the packet does not contain compressed inner headers.
- FIG. 8 illustrates a flow chart of a tunnel parameter establishment procedure in accordance with an embodiment of the present invention.
- Procedure 800 establishes a security association between two tunnel devices and creates a context sub-table for use in communicating IPSec tunnel packets with compressed inner headers utilizing the security association.
- Procedure 800 may be performed by a tunnel device such as tunnel device 300 ( FIG. 3 ).
- Procedure 800 may be suitable for use in performing operation 702 of procedure 700 ( FIG. 7 ).
- a key exchange process is performed whereby tunnel devices establish encryption and/or authentication keys.
- the process may be an internet key exchange process (IKE).
- each tunnel device has at least one key for use with the IPSec tunnel.
- the location of the key may be referenced in a security association database entry for the tunnel.
- the tunnel device determines whether inner header compression may be performed utilizing the IPSec tunnel.
- inner header compression is an option that may be implemented between two tunnel devices.
- operations 810 and 812 are performed.
- the IPSec protocol for the tunnel is set for an encapsulation security protocol (ESP) or an authentication header (AH) protocol.
- the security association database entry is created for the tunnel. Details for establishing a security association and a security association database entry may be found, for example, in Network Working Group's RFCs 2401, 2402 and 2406.
- a security association has been established and the tunnel may be used to send at least standard IPSec tunnel packets (e.g., without compressed inner headers) from a transmitting tunnel device to a receiving tunnel device.
- initial IPSec tunnel packets without compressed inner headers are sent from the transmitting tunnel device to the receiving tunnel device.
- These initial IPSec tunnel packets are IPSec tunnel packets with full inner headers and are packets sent between a source and a destination which intend to utilize the IPSec tunnel and communicate IPSec tunnel packets with compressed inner headers.
- operation 810 may comprise sending non-IPSec tunnel packets rather than IPSec tunnel packets.
- operation 810 may send an IPSec encapsulated control packet (i.e., no payload) with full headers to initialize the context sub-table to help avoid any possible maximum transmission unit (MTU) errors.
- the control packet may be assigned a unique IP protocol identifier to allow it to be identified as a control packet.
- the sending tunnel device may initialize its own corresponding context sub-table, which may be updated with each packet iteration and used in generating the compressed headers.
- the IPSec tunnel packets with full inner headers are received by the receiving tunnel device and the receiving tunnel device creates a context sub-table, such as context sub-table 600 ( FIG. 6 ) based at least on the information contained in the inner headers.
- the context sub-table is associated with the security association database entry for the tunnel and may be stored at the receiving tunnel device or in a location that is accessible to the receiving tunnel device.
- a security association has been established with a context sub-table for decompressing inner headers.
- the tunnel may be used to send at least IPSec tunnel packets with compressed inner headers from a transmitting tunnel device to a receiving tunnel device.
- FIG. 9 illustrates a flow chart of an IPSec tunnel packet reception procedure in accordance with an embodiment of the present invention.
- Procedure 900 may be performed by a tunnel device, such as tunnel devices 112 , 114 ( FIG. 1 ) receiving IPSec tunnel packets with compressed inner headers.
- procedure 900 identifies IPSec tunnel packets having compressed headers, decompresses the inner headers and replaces the inner headers with full headers, and routes the packets to an ultimate destination.
- a receiving tunnel device receives an IPSec tunnel packet with compressed headers through an IPSec tunnel with an established security association.
- the receiving tunnel device may determine or verify that the received IPSec tunnel packet has compressed headers by reading certain predetermined bits of the IPSec header of the packet.
- the certain predetermined bits may comprise two bits of the SPI number.
- the certain predetermined bits of the IPSec header may also be used to determine whether a received IPSec tunnel packet with compressed inner headers is a TCP packet or a non-TCP packet.
- the last two LSB of the SPI number may be left as “00” indicating that the packet is a full IPSec tunnel packet (i.e., without compressed inner headers).
- the last two LSB of the SPI number may be set to 01 for TCP packets with compressed inner headers and may be set to 10 for non-TCP packets with compressed inner headers.
- Other ways of determining whether IPSec tunnel packets have compressed inner headers and whether received IPSec tunnel packets are TCP packets may also be suitable for use with the present invention.
- A packet with compressed inner headers may be identified as either a TCP packet or a non-TCP packet by a decompression engine of the receiving tunnel device.
- A security operation is performed on the encapsulated portion of the received IPSec tunnel packet.
- The security operation may comprise a decryption for ESP packets, or may comprise an authentication for AH packets or ESP packets without encryption.
- A portion of the SPI number of the IPSec header references a security association database entry defining the security association for the tunnel.
- The receiving tunnel device may use information in the security association database entry to determine which security operation to perform on the received IPSec tunnel packet and to locate any keys necessary in performing such security operation.
- Performing the security operation in operation 904 reveals or authenticates the compressed inner header along with an optional payload, and a padding field.
- A tunnel header is read at a destination tunnel device to determine whether the IPSec tunnel packet with compressed headers implements an encapsulating security protocol (ESP) or an authentication header (AH) protocol.
- A portion of a security policy index number contained in the IPSec header is read to identify a security association database entry for an IPSec tunnel between the source tunnel device and the destination tunnel device.
- The security association database entry may include a flag to indicate when the encapsulated portion is encrypted. Operation 904 may refrain from performing decryption when the flag indicates encryption has not been performed on the encapsulated portion.
- The inner headers are decompressed. Certain predetermined bits of the padding refer to a context sub-table accessible to the receiving tunnel device.
- A security association database entry may have many context sub-tables associated therewith. Each context sub-table may be used for decompressing inner headers for IPSec tunnel packets destined for a particular destination which may be beyond the receiving tunnel device.
- The context sub-table may include information to construct the full inner headers.
- The full inner headers may comprise an inner IP header and an inner protocol header which, for example, may correspond with inner IP header 226 and inner protocol header 228 of IPSec tunnel packet 220 ( FIG. 2 ).
- The inner IP header is stored in the context sub-table along with a prior inner protocol header.
- The decompressed inner header identifies fields that have changed in the inner protocol header from the prior inner protocol header.
- Operation 906 constructs the inner protocol header based on the information in the decompressed inner header along with information from the context sub-table. At the completion of operation 906 , an inner IP header and inner protocol header replace the decompressed inner header of the received IPSec tunnel packet.
- A sequence number is verified.
- A sequence number stored in the context sub-table is compared to a sequence number received in the packet.
- Sequence numbers of the security association residing in a security association database entry are verified and updated as part of IPSec processing.
- The context sub-table is updated at the receiving tunnel device in accordance with information derived from the compressed inner headers.
- The inner protocol header entry is updated with the most recent inner protocol header recreated in operation 906 , and a generation number field may also be updated to indicate a next generation of the inner protocol header. A last sequence number field may also be incremented.
- The outer headers of the IPSec tunnel packet may be removed.
- The outer headers may include an outer IP header and an IPSec header which may correspond with outer IP header 222 and IPSec header 224 of packet 220 ( FIG. 2 ).
- Operation 912 may be performed at any time during or after the performance of operation 902 .
- The receiving tunnel device sends the packet to its ultimate destination.
- The ultimate destination may be identified by a destination address in the inner IP header.
- The packet at this point in procedure 900 is no longer an IPSec tunnel packet and may comprise a conventional IP packet. In other words, the packet may have no outer headers or encapsulated portion.
- The packet may be sent out of the IPSec tunnel.
- The destination may be an ultimate destination of the packet and may be beyond the receiving tunnel device.
- A conventional IP header compression scheme may be implemented in operation 914 before routing the IP packet to its destination.
- Operations 902 through 914 may be repeated for subsequently received packets at the receiving tunnel device.
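The receive path of procedure 900 can be modelled in a few dozen lines; the following is an added example, not code from the patent. It assumes a byte layout the description does not give (SPI, sequence number, a change-mask byte, the changed TCP fields, one pad byte naming the context sub-table), an authentication-only security association using truncated HMAC-SHA-256, and that the undefined flag value 11 is dropped; all function and field names are hypothetical.

```python
import hashlib
import hmac
import struct

FULL, COMP_TCP, COMP_NON_TCP = 0b00, 0b01, 0b10   # two LSBs of the SPI, as described above
ICV_LEN = 12                                       # assumed: truncated HMAC-SHA-256 ICV
FIELDS = (("seq", "!I"), ("ack", "!I"), ("window", "!H"))  # assumed delta-coded TCP fields


class Reject(Exception):
    """Packet dropped; always raised before any receiver state is changed."""


def icv(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def build_packet(sa, spi_base, kind, seq, context_id, changes):
    """Constructed sender side, present only to give the receiver input."""
    mask, delta = 0, b""
    for bit, (name, fmt) in enumerate(FIELDS):
        if name in changes:
            mask |= 1 << bit
            delta += struct.pack(fmt, changes[name])
    # Assumed layout: SPI | sequence | change mask | changed fields | pad byte
    body = struct.pack("!II", (spi_base & ~0b11) | kind, seq)
    body += bytes([mask]) + delta + bytes([context_id])
    return body + icv(sa["key"], body)


def receive(sad, packet):
    """Receive, authenticate, decompress and update state for one packet."""
    if len(packet) < 8 + ICV_LEN:
        raise Reject("truncated packet")
    spi, seq = struct.unpack("!II", packet[:8])
    kind = spi & 0b11                       # compression flag bits
    sa = sad.get(spi & ~0b11)               # remaining SPI bits select the SAD entry
    if sa is None:
        raise Reject("no security association")
    if kind == 0b11:
        raise Reject("undefined flag value")   # assumed policy: drop
    # Security operation first. The ICV covers the SPI, so the flag bits
    # cannot be altered in transit without failing authentication.
    body, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(tag, icv(sa["key"], body)):
        raise Reject("ICV mismatch")
    if kind == FULL:
        return {"protocol": "full", "payload": body[8:]}   # nothing to decompress
    if len(body) < 10:
        raise Reject("truncated compressed header")
    ctx = sa["contexts"].get(body[-1])      # pad byte selects the context sub-table
    if ctx is None:
        raise Reject("unknown context")
    if seq <= ctx["last_seq"]:
        raise Reject("stale or replayed sequence number")
    # Decompress: start from the prior inner protocol header, apply changed fields.
    mask, offset = body[8], 9
    header = dict(ctx["prior_header"])
    for bit, (name, fmt) in enumerate(FIELDS):
        if mask & (1 << bit):
            size = struct.calcsize(fmt)
            if offset + size > len(body) - 1:
                raise Reject("delta shorter than the change mask claims")
            (header[name],) = struct.unpack_from(fmt, body, offset)
            offset += size
    if offset != len(body) - 1 or mask >> len(FIELDS):
        raise Reject("malformed compressed header")
    # Only an authenticated, well-formed, fresh packet may update the context.
    ctx["prior_header"], ctx["last_seq"] = header, seq
    ctx["generation"] += 1
    return {"protocol": "tcp" if kind == COMP_TCP else "other",
            "inner_ip": ctx["inner_ip"], "inner_header": header}


def sample_sad():
    """Constructed SAD with one SA and one context sub-table (sample values)."""
    ctx = {"inner_ip": ("10.0.1.5", "10.0.2.9"), "last_seq": 0, "generation": 0,
           "prior_header": {"sport": 40000, "dport": 443,
                            "seq": 1000, "ack": 500, "window": 8192}}
    return {0x1000: {"key": b"k" * 32, "encrypted": False, "contexts": {7: ctx}}}


if __name__ == "__main__":
    sad = sample_sad()
    pkt = build_packet(sad[0x1000], 0x1000, COMP_TCP, 1, 7, {"seq": 2460})
    print(receive(sad, pkt))
```

Ordering matters here: the context sub-table is shared state between sender and receiver, so the sketch touches it only after the integrity check, the sequence check and the length checks have all passed.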
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/998,715 US7215667B1 (en) | 2001-11-30 | 2001-11-30 | System and method for communicating IPSec tunnel packets with compressed inner headers |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/998,715 US7215667B1 (en) | 2001-11-30 | 2001-11-30 | System and method for communicating IPSec tunnel packets with compressed inner headers |
Publications (1)
Publication Number | Publication Date |
---|---|
US7215667B1 (en) | 2007-05-08 |
Family
ID=38001060
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/998,715 Expired - Lifetime US7215667B1 (en) | 2001-11-30 | 2001-11-30 | System and method for communicating IPSec tunnel packets with compressed inner headers |
Country Status (1)
Country | Link |
---|---|
US (1) | US7215667B1 (en) |
Cited By (81)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040034717A1 (en) * | 2002-06-12 | 2004-02-19 | Ghyslain Pelletier | Method and apparatus for increased Internet Protocol (IP) headers compression performance by reporting cause of missing packets |
US20060047784A1 (en) * | 2004-09-01 | 2006-03-02 | Shuping Li | Method, apparatus and system for remotely and dynamically configuring network elements in a network |
US20060083234A1 (en) * | 2004-10-20 | 2006-04-20 | Samsung Electronics Co., Ltd. | Method and apparatus for transmitting and receiving data via wireless universal serial bus (WUSB) |
US20070038815A1 (en) * | 2005-08-12 | 2007-02-15 | Silver Peak Systems, Inc. | Network memory appliance |
US20070038858A1 (en) * | 2005-08-12 | 2007-02-15 | Silver Peak Systems, Inc. | Compliance in a network memory architecture |
US20070186100A1 (en) * | 2006-02-03 | 2007-08-09 | Fujitsu Limited | Packet communication system |
US20080031240A1 (en) * | 2006-08-02 | 2008-02-07 | Silver Peak Systems, Inc. | Data matching using flow based packet data storage |
US20080095367A1 (en) * | 2004-03-19 | 2008-04-24 | Cisco Technology, Inc. | Methods and apparatus for confidentiality protection for fibre channel common transport |
US20080127297A1 (en) * | 2006-11-29 | 2008-05-29 | Red Hat, Inc. | Method and system for sharing labeled information between different security realms |
US20080123652A1 (en) * | 2006-11-29 | 2008-05-29 | Bora Akyol | Method and system for tunneling macsec packets through non-macsec nodes |
EP1983720A1 (en) * | 2007-04-20 | 2008-10-22 | Siemens AG Österreich | Method and device for reducing the amount of data in a packet-oriented data network |
EP1998514A2 (en) * | 2007-05-29 | 2008-12-03 | France Télécom | Handling of packets in order to communicate with a machine over one or more secondary networks |
EP2007078A1 (en) * | 2007-06-19 | 2008-12-24 | Panasonic Corporation | Header size reduction of data packets |
US20090249059A1 (en) * | 2008-03-31 | 2009-10-01 | Fujitsu Microelectronics Limited | Packet encryption method, packet decryption method and decryption device |
US7606229B1 (en) * | 2002-11-08 | 2009-10-20 | Cisco Technology, Inc. | Generic bridge packet tunneling |
US20100002628A1 (en) * | 2006-08-29 | 2010-01-07 | Motorola, Inc. | Method, apparatus and communication network for the transmission of data |
US20100070605A1 (en) * | 2007-03-15 | 2010-03-18 | David Anthony Hughes | Dynamic Load Management of Network Memory |
US20100124239A1 (en) * | 2008-11-20 | 2010-05-20 | Silver Peak Systems, Inc. | Systems and methods for compressing packet data |
US20100130171A1 (en) * | 2008-11-26 | 2010-05-27 | Qualcomm Incorporated | Method and apparatus to perform secure registration of femto access points |
US20100177789A1 (en) * | 2009-01-13 | 2010-07-15 | Fujitsu Limited | Device and Method for Reducing Overhead in a Wireless Network |
US20100214978A1 (en) * | 2009-02-24 | 2010-08-26 | Fujitsu Limited | System and Method for Reducing Overhead in a Wireless Network |
US20100228974A1 (en) * | 2009-03-03 | 2010-09-09 | Harris Corporation Corporation Of The State Of Delaware | VLAN TAGGING OVER IPSec TUNNELS |
US20110016313A1 (en) * | 2009-07-15 | 2011-01-20 | Qualcomm Incorporated | HEADER COMPRESSION FOR TUNNELED IPsec PACKET |
US7948921B1 (en) * | 2007-09-20 | 2011-05-24 | Silver Peak Systems, Inc. | Automatic network optimization |
US7965843B1 (en) | 2001-12-27 | 2011-06-21 | Cisco Technology, Inc. | Methods and apparatus for security over fibre channel |
US20110149848A1 (en) * | 2009-08-17 | 2011-06-23 | Qualcomm Incorporated | Header compression for relay nodes |
US8031607B2 (en) * | 2009-01-29 | 2011-10-04 | Alcatel Lucent | Implementation of internet protocol header compression with traffic management quality of service |
US8095774B1 (en) | 2007-07-05 | 2012-01-10 | Silver Peak Systems, Inc. | Pre-fetching data into a memory |
US8171238B1 (en) | 2007-07-05 | 2012-05-01 | Silver Peak Systems, Inc. | Identification of data stored in memory |
US8284932B2 (en) | 2007-10-15 | 2012-10-09 | Adobe Systems Incorporated | Imparting cryptographic information in network communications |
US8285867B1 (en) | 2003-02-13 | 2012-10-09 | Adobe Systems Incorporated | Real-time priority-based media communication |
US8307115B1 (en) | 2007-11-30 | 2012-11-06 | Silver Peak Systems, Inc. | Network memory mirroring |
US20120287784A1 (en) * | 2011-05-10 | 2012-11-15 | Cisco Technology, Inc. | System and method for integrated quality of service in a wireless network environment |
US8442052B1 (en) | 2008-02-20 | 2013-05-14 | Silver Peak Systems, Inc. | Forward packet recovery |
US8489562B1 (en) | 2007-11-30 | 2013-07-16 | Silver Peak Systems, Inc. | Deferred data storage |
US8627061B1 (en) | 2008-08-25 | 2014-01-07 | Apriva, Llc | Method and system for employing a fixed IP address based encryption device in a dynamic IP address based network |
US8630247B2 (en) | 2011-02-15 | 2014-01-14 | Cisco Technology, Inc. | System and method for managing tracking area identity lists in a mobile network environment |
US8724467B2 (en) | 2011-02-04 | 2014-05-13 | Cisco Technology, Inc. | System and method for managing congestion in a network environment |
US8743683B1 (en) | 2008-07-03 | 2014-06-03 | Silver Peak Systems, Inc. | Quality of service using multiple flows |
JP2014183562A (en) * | 2013-03-21 | 2014-09-29 | Fujitsu Ltd | Encryption communication device, encryption communication method, and encryption communication program |
US20140314088A1 (en) * | 2011-12-20 | 2014-10-23 | Huawei Technologies Co., Ltd. | Method for obtaining internet protocol header replacement mapping and network node |
US8885632B2 (en) | 2006-08-02 | 2014-11-11 | Silver Peak Systems, Inc. | Communications scheduler |
US8891373B2 (en) | 2011-02-15 | 2014-11-18 | Cisco Technology, Inc. | System and method for synchronizing quality of service in a wireless network environment |
US8902815B2 (en) | 2011-07-10 | 2014-12-02 | Cisco Technology, Inc. | System and method for subscriber mobility in a cable network environment |
US8929402B1 (en) | 2005-09-29 | 2015-01-06 | Silver Peak Systems, Inc. | Systems and methods for compressing packet data by predicting subsequent data |
US9130991B2 (en) | 2011-10-14 | 2015-09-08 | Silver Peak Systems, Inc. | Processing data packets in performance enhancing proxy (PEP) environment |
US20150281120A1 (en) * | 2014-03-31 | 2015-10-01 | Juniper Networks, Inc. | Flow-control within a high-performance, scalable and drop-free data center switch fabric |
US9198209B2 (en) | 2012-08-21 | 2015-11-24 | Cisco Technology, Inc. | Providing integrated end-to-end architecture that includes quality of service transport for tunneled traffic |
US20160026802A1 (en) * | 2009-11-23 | 2016-01-28 | At&T Intellectual Property I, L.P. | Tailored Protection of Personally Identifiable Information |
US20160149809A1 (en) * | 2014-11-21 | 2016-05-26 | Thales | Data communication method between a roaming radio equipment item and a network access gateway |
US9479457B2 (en) | 2014-03-31 | 2016-10-25 | Juniper Networks, Inc. | High-performance, scalable and drop-free data center switch fabric |
US9626224B2 (en) | 2011-11-03 | 2017-04-18 | Silver Peak Systems, Inc. | Optimizing available computing resources within a virtual environment |
US9703743B2 (en) | 2014-03-31 | 2017-07-11 | Juniper Networks, Inc. | PCIe-based host network accelerators (HNAS) for data center overlay network |
US9717021B2 (en) | 2008-07-03 | 2017-07-25 | Silver Peak Systems, Inc. | Virtual network overlay |
US20170237835A1 (en) * | 2014-08-21 | 2017-08-17 | Nokia Technologies Oy | Ipv4 communications using 6lowpan header compression mechanisms |
US9875344B1 (en) | 2014-09-05 | 2018-01-23 | Silver Peak Systems, Inc. | Dynamic monitoring and authorization of an optimization device |
US9898317B2 (en) | 2012-06-06 | 2018-02-20 | Juniper Networks, Inc. | Physical path determination for virtual network packet flows |
US9948496B1 (en) | 2014-07-30 | 2018-04-17 | Silver Peak Systems, Inc. | Determining a transit appliance for data traffic to a software service |
US9967056B1 (en) | 2016-08-19 | 2018-05-08 | Silver Peak Systems, Inc. | Forward packet recovery with constrained overhead |
US10164861B2 (en) | 2015-12-28 | 2018-12-25 | Silver Peak Systems, Inc. | Dynamic monitoring and visualization for network health characteristics |
US10243840B2 (en) | 2017-03-01 | 2019-03-26 | Juniper Networks, Inc. | Network interface card switching for virtual networks |
US10257082B2 (en) | 2017-02-06 | 2019-04-09 | Silver Peak Systems, Inc. | Multi-level learning for classifying traffic flows |
US10432484B2 (en) | 2016-06-13 | 2019-10-01 | Silver Peak Systems, Inc. | Aggregating select network traffic statistics |
US10637721B2 (en) | 2018-03-12 | 2020-04-28 | Silver Peak Systems, Inc. | Detecting path break conditions while minimizing network overhead |
US10652220B1 (en) * | 2018-05-09 | 2020-05-12 | Architecture Technology Corporation | Systems and methods for secure data transport |
US10771394B2 (en) | 2017-02-06 | 2020-09-08 | Silver Peak Systems, Inc. | Multi-level learning for classifying traffic flows on a first packet from DNS data |
US10798014B1 (en) * | 2019-04-05 | 2020-10-06 | Arista Networks, Inc. | Egress maximum transmission unit (MTU) enforcement |
US10805840B2 (en) | 2008-07-03 | 2020-10-13 | Silver Peak Systems, Inc. | Data transmission via a virtual wide area network overlay |
US10892978B2 (en) | 2017-02-06 | 2021-01-12 | Silver Peak Systems, Inc. | Multi-level learning for classifying traffic flows from first packet data |
US10979402B1 (en) | 2018-05-09 | 2021-04-13 | Architecture Technology Corporation | Systems and methods for data in transit encryption |
US10986076B1 (en) * | 2016-09-08 | 2021-04-20 | Rockwell Collins, Inc. | Information flow enforcement for IP domain in multilevel secure systems |
US10992591B1 (en) * | 2019-03-12 | 2021-04-27 | Juniper Networks, Inc | Apparatus, system, and method for discovering path maximum transmission units |
US11044202B2 (en) | 2017-02-06 | 2021-06-22 | Silver Peak Systems, Inc. | Multi-level learning for predicting and classifying traffic flows from first packet data |
US11115398B2 (en) * | 2017-03-08 | 2021-09-07 | Abb Power Grids Switzerland Ag | Methods and devices for preserving relative timing and ordering of data packets in a network |
US11159940B2 (en) * | 2016-10-04 | 2021-10-26 | Orange | Method for mutual authentication between user equipment and a communication network |
US11164674B2 (en) * | 2017-05-15 | 2021-11-02 | Medtronic, Inc. | Multimodal cryptographic data communications in a remote patient monitoring environment |
US11212210B2 (en) | 2017-09-21 | 2021-12-28 | Silver Peak Systems, Inc. | Selective route exporting using source type |
US20220247719A1 (en) * | 2019-09-24 | 2022-08-04 | Pribit Technology, Inc. | Network Access Control System And Method Therefor |
US20230028529A1 (en) * | 2021-07-22 | 2023-01-26 | Vmware, Inc. | Managing processing queue allocation based on addressing attributes of an inner packet |
US20230262035A1 (en) * | 2022-02-15 | 2023-08-17 | Hewlett Packard Enterprise Development Lp | Internet protocol security (ipsec) security associations (sa) balance between heterogeneous cores in multiple controller system |
US11968193B1 (en) | 2022-11-14 | 2024-04-23 | Architecture Technology Corporation | Systems and methods for receiving secure data |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5535199A (en) | 1994-09-06 | 1996-07-09 | Sun Microsystems, Inc. | TCP/IP header compression X.25 networks |
US5987022A (en) | 1996-12-27 | 1999-11-16 | Motorola, Inc. | Method for transmitting multiple-protocol packetized data |
US6032197A (en) | 1997-09-25 | 2000-02-29 | Microsoft Corporation | Data packet header compression for unidirectional transmission |
US6041054A (en) * | 1997-09-24 | 2000-03-21 | Telefonaktiebolaget Lm Ericsson | Efficient transport of internet protocol packets using asynchronous transfer mode adaptation layer two |
US20020083344A1 (en) * | 2000-12-21 | 2002-06-27 | Vairavan Kannan P. | Integrated intelligent inter/intra networking device |
US6618397B1 (en) * | 2000-10-05 | 2003-09-09 | Provisionpoint Communications, Llc. | Group packet encapsulation and compression system and method |
US6668282B1 (en) * | 2000-08-02 | 2003-12-23 | International Business Machines Corporation | System and method to monitor and determine if an active IPSec tunnel has become disabled |
US6754231B1 (en) * | 1999-06-18 | 2004-06-22 | Telefonaktiebolaget Lm Ericsson (Publ) | Robust header compression in packet communications |
Non-Patent Citations (6)
Title |
---|
Casner, S.L., et al., "Compressing IP/UDP/RTP Headers for Low-Speed Serial Links", RFC 2508 Network Working Group, 1-19, (Feb. 1999). |
Degermark, M., et al., "IP Header Compression", RFC 2507, 1-36, (Feb. 1999). |
Jacobson, V., "Compressing TCP/IP Headers for Low-Speed Serial Links", RFC 1144 by Network Working Group, 1-39, (Feb. 1990). |
Kent, S., et al., "IP Authentication Header", RFC 2402 by Network Working Group, 1-17, (Nov. 1998). |
Kent, S., et al., "IP Encapsulating Security Payload (ESP)", RFC 2406 by Network Working Group, 1-17, (Nov. 1998). |
Kent, S., et al., "Security Architecture for the Internet Protocol", RFC 2401 by Network Working Group, 1-51, (Nov. 1998). |
Cited By (184)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110219438A1 (en) * | 2001-12-27 | 2011-09-08 | Cisco Technology, Inc. | Methods and apparatus for security over fibre channel |
US10298595B2 (en) | 2001-12-27 | 2019-05-21 | Cisco Technology, Inc. | Methods and apparatus for security over fibre channel |
US8914858B2 (en) | 2001-12-27 | 2014-12-16 | Cisco Technology, Inc. | Methods and apparatus for security over fibre channel |
US7965843B1 (en) | 2001-12-27 | 2011-06-21 | Cisco Technology, Inc. | Methods and apparatus for security over fibre channel |
US20040034717A1 (en) * | 2002-06-12 | 2004-02-19 | Ghyslain Pelletier | Method and apparatus for increased Internet Protocol (IP) headers compression performance by reporting cause of missing packets |
US8619592B2 (en) * | 2002-06-12 | 2013-12-31 | Telefonaktiebolaget L M Ericsson (Publ) | Method and apparatus for increased internet protocol (IP) headers compression performance by reporting cause of missing packets |
US7606229B1 (en) * | 2002-11-08 | 2009-10-20 | Cisco Technology, Inc. | Generic bridge packet tunneling |
US8285867B1 (en) | 2003-02-13 | 2012-10-09 | Adobe Systems Incorporated | Real-time priority-based media communication |
US8301796B2 (en) | 2003-02-13 | 2012-10-30 | Adobe Systems Incorporated | Real-time priority-based media communication |
US20080095367A1 (en) * | 2004-03-19 | 2008-04-24 | Cisco Technology, Inc. | Methods and apparatus for confidentiality protection for fibre channel common transport |
US20060047784A1 (en) * | 2004-09-01 | 2006-03-02 | Shuping Li | Method, apparatus and system for remotely and dynamically configuring network elements in a network |
US20060083234A1 (en) * | 2004-10-20 | 2006-04-20 | Samsung Electronics Co., Ltd. | Method and apparatus for transmitting and receiving data via wireless universal serial bus (WUSB) |
US20070050475A1 (en) * | 2005-08-12 | 2007-03-01 | Silver Peak Systems, Inc. | Network memory architecture |
US8370583B2 (en) | 2005-08-12 | 2013-02-05 | Silver Peak Systems, Inc. | Network memory architecture for providing data based on local accessibility |
US8392684B2 (en) | 2005-08-12 | 2013-03-05 | Silver Peak Systems, Inc. | Data encryption in a network memory architecture for providing data based on local accessibility |
US8312226B2 (en) | 2005-08-12 | 2012-11-13 | Silver Peak Systems, Inc. | Network memory appliance for providing data based on local accessibility |
US9363248B1 (en) | 2005-08-12 | 2016-06-07 | Silver Peak Systems, Inc. | Data encryption in a network memory architecture for providing data based on local accessibility |
US8732423B1 (en) | 2005-08-12 | 2014-05-20 | Silver Peak Systems, Inc. | Data encryption in a network memory architecture for providing data based on local accessibility |
US10091172B1 (en) | 2005-08-12 | 2018-10-02 | Silver Peak Systems, Inc. | Data encryption in a network memory architecture for providing data based on local accessibility |
US20070038858A1 (en) * | 2005-08-12 | 2007-02-15 | Silver Peak Systems, Inc. | Compliance in a network memory architecture |
US20070038815A1 (en) * | 2005-08-12 | 2007-02-15 | Silver Peak Systems, Inc. | Network memory appliance |
US9036662B1 (en) | 2005-09-29 | 2015-05-19 | Silver Peak Systems, Inc. | Compressing packet data |
US9363309B2 (en) | 2005-09-29 | 2016-06-07 | Silver Peak Systems, Inc. | Systems and methods for compressing packet data by predicting subsequent data |
US9712463B1 (en) | 2005-09-29 | 2017-07-18 | Silver Peak Systems, Inc. | Workload optimization in a wide area network utilizing virtual switches |
US8929402B1 (en) | 2005-09-29 | 2015-01-06 | Silver Peak Systems, Inc. | Systems and methods for compressing packet data by predicting subsequent data |
US9549048B1 (en) | 2005-09-29 | 2017-01-17 | Silver Peak Systems, Inc. | Transferring compressed packet data over a network |
US7861080B2 (en) * | 2006-02-03 | 2010-12-28 | Fujitisu Limited | Packet communication system |
JP2007208855A (en) * | 2006-02-03 | 2007-08-16 | Fujitsu Ltd | Packet communication system |
US20070186100A1 (en) * | 2006-02-03 | 2007-08-09 | Fujitsu Limited | Packet communication system |
JP4592611B2 (en) * | 2006-02-03 | 2010-12-01 | 富士通株式会社 | Packet communication system |
US9438538B2 (en) | 2006-08-02 | 2016-09-06 | Silver Peak Systems, Inc. | Data matching using flow based packet data storage |
US9584403B2 (en) | 2006-08-02 | 2017-02-28 | Silver Peak Systems, Inc. | Communications scheduler |
US8755381B2 (en) | 2006-08-02 | 2014-06-17 | Silver Peak Systems, Inc. | Data matching using flow based packet data storage |
US20080031240A1 (en) * | 2006-08-02 | 2008-02-07 | Silver Peak Systems, Inc. | Data matching using flow based packet data storage |
US8885632B2 (en) | 2006-08-02 | 2014-11-11 | Silver Peak Systems, Inc. | Communications scheduler |
US9961010B2 (en) | 2006-08-02 | 2018-05-01 | Silver Peak Systems, Inc. | Communications scheduler |
US8929380B1 (en) | 2006-08-02 | 2015-01-06 | Silver Peak Systems, Inc. | Data matching using flow based packet data storage |
US9191342B2 (en) | 2006-08-02 | 2015-11-17 | Silver Peak Systems, Inc. | Data matching using flow based packet data storage |
US20100002628A1 (en) * | 2006-08-29 | 2010-01-07 | Motorola, Inc. | Method, apparatus and communication network for the transmission of data |
US8607302B2 (en) * | 2006-11-29 | 2013-12-10 | Red Hat, Inc. | Method and system for sharing labeled information between different security realms |
US7729276B2 (en) * | 2006-11-29 | 2010-06-01 | Broadcom Corporation | Method and system for tunneling MACSec packets through non-MACSec nodes |
US20080127297A1 (en) * | 2006-11-29 | 2008-05-29 | Red Hat, Inc. | Method and system for sharing labeled information between different security realms |
US20080123652A1 (en) * | 2006-11-29 | 2008-05-29 | Bora Akyol | Method and system for tunneling macsec packets through non-macsec nodes |
US20100070605A1 (en) * | 2007-03-15 | 2010-03-18 | David Anthony Hughes | Dynamic Load Management of Network Memory |
US7945736B2 (en) | 2007-03-15 | 2011-05-17 | Silver Peak Systems, Inc. | Dynamic load management of network memory |
EP1983720A1 (en) * | 2007-04-20 | 2008-10-22 | Siemens AG Österreich | Method and device for reducing the amount of data in a packet-oriented data network |
US20080298377A1 (en) * | 2007-05-29 | 2008-12-04 | France Telecom | Method for processing data packets while communicating with a machine via one or more secondary networks |
EP1998514A3 (en) * | 2007-05-29 | 2011-03-23 | France Telecom | Handling of packets in order to communicate with a machine over one or more secondary networks |
US8130765B2 (en) * | 2007-05-29 | 2012-03-06 | France Telecom | Method for processing data packets while communicating with a machine via one or more secondary networks |
EP1998514A2 (en) * | 2007-05-29 | 2008-12-03 | France Télécom | Handling of packets in order to communicate with a machine over one or more secondary networks |
WO2009015727A1 (en) | 2007-06-19 | 2009-02-05 | Panasonic Corporation | Header size reductions of data packets |
EP2007078A1 (en) * | 2007-06-19 | 2008-12-24 | Panasonic Corporation | Header size reduction of data packets |
US20100189103A1 (en) * | 2007-06-19 | 2010-07-29 | Panasonic Corporation | Header Size Reduction of Data Packets |
US9307442B2 (en) | 2007-06-19 | 2016-04-05 | Panasonic Intellectual Property Corporation Of America | Header size reduction of data packets |
JP2010530681A (en) * | 2007-06-19 | 2010-09-09 | パナソニック株式会社 | Reduced data packet header size |
US9253277B2 (en) | 2007-07-05 | 2016-02-02 | Silver Peak Systems, Inc. | Pre-fetching stored data from a memory |
US8473714B2 (en) | 2007-07-05 | 2013-06-25 | Silver Peak Systems, Inc. | Pre-fetching data into a memory |
US8095774B1 (en) | 2007-07-05 | 2012-01-10 | Silver Peak Systems, Inc. | Pre-fetching data into a memory |
US8171238B1 (en) | 2007-07-05 | 2012-05-01 | Silver Peak Systems, Inc. | Identification of data stored in memory |
US9092342B2 (en) | 2007-07-05 | 2015-07-28 | Silver Peak Systems, Inc. | Pre-fetching data into a memory |
US8225072B2 (en) | 2007-07-05 | 2012-07-17 | Silver Peak Systems, Inc. | Pre-fetching data into a memory |
US9152574B2 (en) | 2007-07-05 | 2015-10-06 | Silver Peak Systems, Inc. | Identification of non-sequential data stored in memory |
US8738865B1 (en) | 2007-07-05 | 2014-05-27 | Silver Peak Systems, Inc. | Identification of data stored in memory |
US7948921B1 (en) * | 2007-09-20 | 2011-05-24 | Silver Peak Systems, Inc. | Automatic network optimization |
US8284932B2 (en) | 2007-10-15 | 2012-10-09 | Adobe Systems Incorporated | Imparting cryptographic information in network communications |
US8542825B2 (en) | 2007-10-15 | 2013-09-24 | Adobe Systems Incorporated | Imparting cryptographic information in network communications |
US9055051B2 (en) | 2007-10-15 | 2015-06-09 | Adobe Systems Incorporated | Imparting cryptographic information in network communications |
US9613071B1 (en) | 2007-11-30 | 2017-04-04 | Silver Peak Systems, Inc. | Deferred data storage |
US8307115B1 (en) | 2007-11-30 | 2012-11-06 | Silver Peak Systems, Inc. | Network memory mirroring |
US8489562B1 (en) | 2007-11-30 | 2013-07-16 | Silver Peak Systems, Inc. | Deferred data storage |
US8595314B1 (en) | 2007-11-30 | 2013-11-26 | Silver Peak Systems, Inc. | Deferred data storage |
US8442052B1 (en) | 2008-02-20 | 2013-05-14 | Silver Peak Systems, Inc. | Forward packet recovery |
US20090249059A1 (en) * | 2008-03-31 | 2009-10-01 | Fujitsu Microelectronics Limited | Packet encryption method, packet decryption method and decryption device |
US10805840B2 (en) | 2008-07-03 | 2020-10-13 | Silver Peak Systems, Inc. | Data transmission via a virtual wide area network overlay |
US9143455B1 (en) | 2008-07-03 | 2015-09-22 | Silver Peak Systems, Inc. | Quality of service using multiple flows |
US11419011B2 (en) | 2008-07-03 | 2022-08-16 | Hewlett Packard Enterprise Development Lp | Data transmission via bonded tunnels of a virtual wide area network overlay with error correction |
US9397951B1 (en) | 2008-07-03 | 2016-07-19 | Silver Peak Systems, Inc. | Quality of service using multiple flows |
US9717021B2 (en) | 2008-07-03 | 2017-07-25 | Silver Peak Systems, Inc. | Virtual network overlay |
US11412416B2 (en) | 2008-07-03 | 2022-08-09 | Hewlett Packard Enterprise Development Lp | Data transmission via bonded tunnels of a virtual wide area network overlay |
US10313930B2 (en) | 2008-07-03 | 2019-06-04 | Silver Peak Systems, Inc. | Virtual wide area network overlays |
US8743683B1 (en) | 2008-07-03 | 2014-06-03 | Silver Peak Systems, Inc. | Quality of service using multiple flows |
US8627061B1 (en) | 2008-08-25 | 2014-01-07 | Apriva, Llc | Method and system for employing a fixed IP address based encryption device in a dynamic IP address based network |
US8811431B2 (en) | 2008-11-20 | 2014-08-19 | Silver Peak Systems, Inc. | Systems and methods for compressing packet data |
US20100124239A1 (en) * | 2008-11-20 | 2010-05-20 | Silver Peak Systems, Inc. | Systems and methods for compressing packet data |
CN102224748B (en) * | 2008-11-26 | 2015-06-17 | 高通股份有限公司 | Method and apparatus to perform secure registration of femto access points in network controlled by operators |
CN105101204A (en) * | 2008-11-26 | 2015-11-25 | 高通股份有限公司 | Method and apparatus to perform secure registration of femto access points in operator-controlled network |
US8886164B2 (en) * | 2008-11-26 | 2014-11-11 | Qualcomm Incorporated | Method and apparatus to perform secure registration of femto access points |
CN105101204B (en) * | 2008-11-26 | 2019-01-11 | 高通股份有限公司 | Method and apparatus for executing the secure registration of femto access point in the network that operator controls |
CN102224748A (en) * | 2008-11-26 | 2011-10-19 | 高通股份有限公司 | Method and apparatus to perform secure registration of femto access points |
US20100130171A1 (en) * | 2008-11-26 | 2010-05-27 | Qualcomm Incorporated | Method and apparatus to perform secure registration of femto access points |
US7899056B2 (en) | 2009-01-13 | 2011-03-01 | Fujitsu Limited | Device and method for reducing overhead in a wireless network |
US20100177789A1 (en) * | 2009-01-13 | 2010-07-15 | Fujitsu Limited | Device and Method for Reducing Overhead in a Wireless Network |
US8031607B2 (en) * | 2009-01-29 | 2011-10-04 | Alcatel Lucent | Implementation of internet protocol header compression with traffic management quality of service |
US8023513B2 (en) | 2009-02-24 | 2011-09-20 | Fujitsu Limited | System and method for reducing overhead in a wireless network |
US20100214978A1 (en) * | 2009-02-24 | 2010-08-26 | Fujitsu Limited | System and Method for Reducing Overhead in a Wireless Network |
US8181009B2 (en) | 2009-03-03 | 2012-05-15 | Harris Corporation | VLAN tagging over IPSec tunnels |
US20100228974A1 (en) * | 2009-03-03 | 2010-09-09 | Harris Corporation Corporation Of The State Of Delaware | VLAN TAGGING OVER IPSec TUNNELS |
US20110016313A1 (en) * | 2009-07-15 | 2011-01-20 | Qualcomm Incorporated | HEADER COMPRESSION FOR TUNNELED IPsec PACKET |
US20110149848A1 (en) * | 2009-08-17 | 2011-06-23 | Qualcomm Incorporated | Header compression for relay nodes |
US20160026802A1 (en) * | 2009-11-23 | 2016-01-28 | At&T Intellectual Property I, L.P. | Tailored Protection of Personally Identifiable Information |
US9721108B2 (en) * | 2009-11-23 | 2017-08-01 | At&T Intellectual Property I, L.P. | Tailored protection of personally identifiable information |
US11003782B2 (en) | 2009-11-23 | 2021-05-11 | At&T Intellectual Property I, L.P. | Protection of personally identifiable information |
US10579804B2 (en) | 2009-11-23 | 2020-03-03 | At&T Intellectual Property I, L.P. | Tailored protection of personally identifiable information |
US9326181B2 (en) | 2011-02-04 | 2016-04-26 | Cisco Technology, Inc. | System and method for managing congestion in a network environment |
US8724467B2 (en) | 2011-02-04 | 2014-05-13 | Cisco Technology, Inc. | System and method for managing congestion in a network environment |
US8630247B2 (en) | 2011-02-15 | 2014-01-14 | Cisco Technology, Inc. | System and method for managing tracking area identity lists in a mobile network environment |
US9173155B2 (en) | 2011-02-15 | 2015-10-27 | Cisco Technology, Inc. | System and method for managing tracking area identity lists in a mobile network environment |
US8891373B2 (en) | 2011-02-15 | 2014-11-18 | Cisco Technology, Inc. | System and method for synchronizing quality of service in a wireless network environment |
US20120287784A1 (en) * | 2011-05-10 | 2012-11-15 | Cisco Technology, Inc. | System and method for integrated quality of service in a wireless network environment |
US8902815B2 (en) | 2011-07-10 | 2014-12-02 | Cisco Technology, Inc. | System and method for subscriber mobility in a cable network environment |
US9130991B2 (en) | 2011-10-14 | 2015-09-08 | Silver Peak Systems, Inc. | Processing data packets in performance enhancing proxy (PEP) environment |
US9906630B2 (en) | 2011-10-14 | 2018-02-27 | Silver Peak Systems, Inc. | Processing data packets in performance enhancing proxy (PEP) environment |
US9626224B2 (en) | 2011-11-03 | 2017-04-18 | Silver Peak Systems, Inc. | Optimizing available computing resources within a virtual environment |
US9560175B2 (en) * | 2011-12-20 | 2017-01-31 | Huawei Technologies Co., Ltd. | Method for obtaining internet protocol header replacement mapping and network node |
US20170099370A1 (en) * | 2011-12-20 | 2017-04-06 | Huawei Technologies Co., Ltd. | Method for obtaining internet protocol header replacement mapping and network node |
CN106937329B (en) * | 2011-12-20 | 2021-04-20 | 华为技术有限公司 | Method for acquiring Internet protocol header replacement mapping relation and network node |
US10491717B2 (en) * | 2011-12-20 | 2019-11-26 | Huawei Technologies Co., Ltd. | Method for obtaining internet protocol header replacement mapping and network node |
US11388269B2 (en) * | 2011-12-20 | 2022-07-12 | Huawei Technologies Co., Ltd. | Method for obtaining internet protocol header replacement mapping and network node |
US20140314088A1 (en) * | 2011-12-20 | 2014-10-23 | Huawei Technologies Co., Ltd. | Method for obtaining internet protocol header replacement mapping and network node |
CN106937329A (en) * | 2011-12-20 | 2017-07-07 | 华为技术有限公司 | Internet protocol head replaces the acquisition methods and network node of mapping relations |
US9898317B2 (en) | 2012-06-06 | 2018-02-20 | Juniper Networks, Inc. | Physical path determination for virtual network packet flows |
US10565001B2 (en) | 2012-06-06 | 2020-02-18 | Juniper Networks, Inc. | Distributed virtual network controller |
US9198209B2 (en) | 2012-08-21 | 2015-11-24 | Cisco Technology, Inc. | Providing integrated end-to-end architecture that includes quality of service transport for tunneled traffic |
JP2014183562A (en) * | 2013-03-21 | 2014-09-29 | Fujitsu Ltd | Encryption communication device, encryption communication method, and encryption communication program |
US20150281120A1 (en) * | 2014-03-31 | 2015-10-01 | Juniper Networks, Inc. | Flow-control within a high-performance, scalable and drop-free data center switch fabric |
US9485191B2 (en) * | 2014-03-31 | 2016-11-01 | Juniper Networks, Inc. | Flow-control within a high-performance, scalable and drop-free data center switch fabric |
US9703743B2 (en) | 2014-03-31 | 2017-07-11 | Juniper Networks, Inc. | PCIe-based host network accelerators (HNAS) for data center overlay network |
US9479457B2 (en) | 2014-03-31 | 2016-10-25 | Juniper Networks, Inc. | High-performance, scalable and drop-free data center switch fabric |
US10382362B2 (en) | 2014-03-31 | 2019-08-13 | Juniper Networks, Inc. | Network server having hardware-based virtual router integrated circuit for virtual networking |
US9954798B2 (en) | 2014-03-31 | 2018-04-24 | Juniper Networks, Inc. | Network interface card having embedded virtual router |
US11381493B2 (en) | 2014-07-30 | 2022-07-05 | Hewlett Packard Enterprise Development Lp | Determining a transit appliance for data traffic to a software service |
US10812361B2 (en) | 2014-07-30 | 2020-10-20 | Silver Peak Systems, Inc. | Determining a transit appliance for data traffic to a software service |
US9948496B1 (en) | 2014-07-30 | 2018-04-17 | Silver Peak Systems, Inc. | Determining a transit appliance for data traffic to a software service |
US11374845B2 (en) | 2014-07-30 | 2022-06-28 | Hewlett Packard Enterprise Development Lp | Determining a transit appliance for data traffic to a software service |
US20170237835A1 (en) * | 2014-08-21 | 2017-08-17 | Nokia Technologies Oy | Ipv4 communications using 6lowpan header compression mechanisms |
US11528346B2 (en) * | 2014-08-21 | 2022-12-13 | Nokia Technologies Oy | IPv4 communications using 6lowpan header compression mechanisms |
US11921827B2 (en) * | 2014-09-05 | 2024-03-05 | Hewlett Packard Enterprise Development Lp | Dynamic monitoring and authorization of an optimization device |
US9875344B1 (en) | 2014-09-05 | 2018-01-23 | Silver Peak Systems, Inc. | Dynamic monitoring and authorization of an optimization device |
US10719588B2 (en) | 2014-09-05 | 2020-07-21 | Silver Peak Systems, Inc. | Dynamic monitoring and authorization of an optimization device |
US20210192015A1 (en) * | 2014-09-05 | 2021-06-24 | Silver Peak Systems, Inc. | Dynamic monitoring and authorization of an optimization device |
US11954184B2 (en) | 2014-09-05 | 2024-04-09 | Hewlett Packard Enterprise Development Lp | Dynamic monitoring and authorization of an optimization device |
US10885156B2 (en) | 2014-09-05 | 2021-01-05 | Silver Peak Systems, Inc. | Dynamic monitoring and authorization of an optimization device |
US11868449B2 (en) | 2014-09-05 | 2024-01-09 | Hewlett Packard Enterprise Development Lp | Dynamic monitoring and authorization of an optimization device |
US20160149809A1 (en) * | 2014-11-21 | 2016-05-26 | Thales | Data communication method between a roaming radio equipment item and a network access gateway |
US9942141B2 (en) * | 2014-11-21 | 2018-04-10 | Thales | Data communication method between a roaming radio equipment item and a network access gateway |
US10164861B2 (en) | 2015-12-28 | 2018-12-25 | Silver Peak Systems, Inc. | Dynamic monitoring and visualization for network health characteristics |
US11336553B2 (en) | 2015-12-28 | 2022-05-17 | Hewlett Packard Enterprise Development Lp | Dynamic monitoring and visualization for network health characteristics of network device pairs |
US10771370B2 (en) | 2015-12-28 | 2020-09-08 | Silver Peak Systems, Inc. | Dynamic monitoring and visualization for network health characteristics |
US11601351B2 (en) | 2016-06-13 | 2023-03-07 | Hewlett Packard Enterprise Development Lp | Aggregation of select network traffic statistics |
US11757739B2 (en) | 2016-06-13 | 2023-09-12 | Hewlett Packard Enterprise Development Lp | Aggregation of select network traffic statistics |
US10432484B2 (en) | 2016-06-13 | 2019-10-01 | Silver Peak Systems, Inc. | Aggregating select network traffic statistics |
US11757740B2 (en) | 2016-06-13 | 2023-09-12 | Hewlett Packard Enterprise Development Lp | Aggregation of select network traffic statistics |
US9967056B1 (en) | 2016-08-19 | 2018-05-08 | Silver Peak Systems, Inc. | Forward packet recovery with constrained overhead |
US10848268B2 (en) | 2016-08-19 | 2020-11-24 | Silver Peak Systems, Inc. | Forward packet recovery with constrained network overhead |
US10326551B2 (en) | 2016-08-19 | 2019-06-18 | Silver Peak Systems, Inc. | Forward packet recovery with constrained network overhead |
US11424857B2 (en) | 2016-08-19 | 2022-08-23 | Hewlett Packard Enterprise Development Lp | Forward packet recovery with constrained network overhead |
US10986076B1 (en) * | 2016-09-08 | 2021-04-20 | Rockwell Collins, Inc. | Information flow enforcement for IP domain in multilevel secure systems |
US11159940B2 (en) * | 2016-10-04 | 2021-10-26 | Orange | Method for mutual authentication between user equipment and a communication network |
US10257082B2 (en) | 2017-02-06 | 2019-04-09 | Silver Peak Systems, Inc. | Multi-level learning for classifying traffic flows |
US11582157B2 (en) | 2017-02-06 | 2023-02-14 | Hewlett Packard Enterprise Development Lp | Multi-level learning for classifying traffic flows on a first packet from DNS response data |
US11729090B2 (en) | 2017-02-06 | 2023-08-15 | Hewlett Packard Enterprise Development Lp | Multi-level learning for classifying network traffic flows from first packet data |
US10771394B2 (en) | 2017-02-06 | 2020-09-08 | Silver Peak Systems, Inc. | Multi-level learning for classifying traffic flows on a first packet from DNS data |
US11044202B2 (en) | 2017-02-06 | 2021-06-22 | Silver Peak Systems, Inc. | Multi-level learning for predicting and classifying traffic flows from first packet data |
US10892978B2 (en) | 2017-02-06 | 2021-01-12 | Silver Peak Systems, Inc. | Multi-level learning for classifying traffic flows from first packet data |
US10567275B2 (en) | 2017-03-01 | 2020-02-18 | Juniper Networks, Inc. | Network interface card switching for virtual networks |
US10243840B2 (en) | 2017-03-01 | 2019-03-26 | Juniper Networks, Inc. | Network interface card switching for virtual networks |
US11115398B2 (en) * | 2017-03-08 | 2021-09-07 | Abb Power Grids Switzerland Ag | Methods and devices for preserving relative timing and ordering of data packets in a network |
US11164674B2 (en) * | 2017-05-15 | 2021-11-02 | Medtronic, Inc. | Multimodal cryptographic data communications in a remote patient monitoring environment |
US11805045B2 (en) | 2017-09-21 | 2023-10-31 | Hewlett Packard Enterprise Development Lp | Selective routing |
US11212210B2 (en) | 2017-09-21 | 2021-12-28 | Silver Peak Systems, Inc. | Selective route exporting using source type |
US10637721B2 (en) | 2018-03-12 | 2020-04-28 | Silver Peak Systems, Inc. | Detecting path break conditions while minimizing network overhead |
US10887159B2 (en) | 2018-03-12 | 2021-01-05 | Silver Peak Systems, Inc. | Methods and systems for detecting path break conditions while minimizing network overhead |
US11405265B2 (en) | 2018-03-12 | 2022-08-02 | Hewlett Packard Enterprise Development Lp | Methods and systems for detecting path break conditions while minimizing network overhead |
US11722471B1 (en) | 2018-05-09 | 2023-08-08 | Architecture Technology Corporation | Systems and methods for secure data transport |
US11637815B1 (en) | 2018-05-09 | 2023-04-25 | Architecture Technology Corporation | Systems and methods for encrypting data in transit |
US10652220B1 (en) * | 2018-05-09 | 2020-05-12 | Architecture Technology Corporation | Systems and methods for secure data transport |
US10979402B1 (en) | 2018-05-09 | 2021-04-13 | Architecture Technology Corporation | Systems and methods for data in transit encryption |
US10992591B1 (en) * | 2019-03-12 | 2021-04-27 | Juniper Networks, Inc | Apparatus, system, and method for discovering path maximum transmission units |
US10798014B1 (en) * | 2019-04-05 | 2020-10-06 | Arista Networks, Inc. | Egress maximum transmission unit (MTU) enforcement |
US20220247719A1 (en) * | 2019-09-24 | 2022-08-04 | Pribit Technology, Inc. | Network Access Control System And Method Therefor |
US20230028529A1 (en) * | 2021-07-22 | 2023-01-26 | Vmware, Inc. | Managing processing queue allocation based on addressing attributes of an inner packet |
US11929920B2 (en) * | 2021-07-22 | 2024-03-12 | VMware LLC | Managing processing queue allocation based on addressing attributes of an inner packet |
US20230262035A1 (en) * | 2022-02-15 | 2023-08-17 | Hewlett Packard Enterprise Development Lp | Internet protocol security (ipsec) security associations (sa) balance between heterogeneous cores in multiple controller system |
US11968193B1 (en) | 2022-11-14 | 2024-04-23 | Architecture Technology Corporation | Systems and methods for receiving secure data |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7215667B1 (en) | System and method for communicating IPSec tunnel packets with compressed inner headers | |
US11283772B2 (en) | Method and system for sending a message through a secure connection | |
Jokela et al. | Using the encapsulating security payload (ESP) transport format with the host identity protocol (HIP) | |
US7818564B2 (en) | Deciphering of fragmented enciphered data packets | |
US9300634B2 (en) | Mobile IP over VPN communication protocol | |
US7430204B2 (en) | Internet protocol tunnelling using templates | |
US7434045B1 (en) | Method and apparatus for indexing an inbound security association database | |
US7426636B1 (en) | Compact secure data communication method | |
CN115174520B (en) | Network address information hiding method and system | |
CN110832806B (en) | ID-based data plane security for identity-oriented networks | |
US20100275008A1 (en) | Method and apparatus for secure packet transmission | |
RU2517405C2 (en) | Method of providing security associations for encrypted packet data | |
JP4113205B2 (en) | Cryptographic processing device | |
Nikander et al. | Network Working Group P. Jokela Request for Comments: 5202 Ericsson Research NomadicLab Category: Experimental R. Moskowitz ICSAlabs |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | AS | Assignment | Owner name: CORRENT CORPORATION, ARIZONA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:DAVIS, JOHN;REEL/FRAME:012344/0870 Effective date: 20011120 |
| | STCF | Information on status: patent grant | Free format text: PATENTED CASE |
| | AS | Assignment | Owner name: ITT MANUFACTURING ENTERPRISES, INC., DELAWARE Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CORRENT CORPORATION;REEL/FRAME:020056/0483 Effective date: 20071031 Owner name: ITT MANUFACTURING ENTERPRISES, INC.,DELAWARE Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CORRENT CORPORATION;REEL/FRAME:020056/0483 Effective date: 20071031 |
| | FPAY | Fee payment | Year of fee payment: 4 |
| | AS | Assignment | Owner name: EXELIS INC., VIRGINIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ITT MANUFACTURING ENTERPRISES LLC (FORMERLY KNOWN AS ITT MANUFACTURING ENTERPRISES, INC.);REEL/FRAME:027574/0040 Effective date: 20111221 |
| | FPAY | Fee payment | Year of fee payment: 8 |
| | AS | Assignment | Owner name: HARRIS CORPORATION, FLORIDA Free format text: MERGER;ASSIGNOR:EXELIS INC.;REEL/FRAME:039362/0534 Effective date: 20151223 |
| | FEPP | Fee payment procedure | Free format text: PAT HOLDER NO LONGER CLAIMS SMALL ENTITY STATUS, ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: STOL); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
| | MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 12 |